Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21951
Total
1564
Critical
6675
High
7022
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-46716 | CRITICAL | 9.9 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create … | Jun 12, 2026 |
| CVE-2026-41158 | UNKNOWN | — | Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, … | Jun 12, 2026 |
| CVE-2026-41157 | UNKNOWN | — | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space … | Jun 12, 2026 |
| CVE-2026-41155 | UNKNOWN | — | An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. … | Jun 12, 2026 |
| CVE-2026-34195 | UNKNOWN | — | Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. … | Jun 12, 2026 |
| CVE-2026-12131 | MEDIUM | 6.3 | A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component … | Jun 12, 2026 |
| CVE-2025-7019 | MEDIUM | 5.5 | Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast … | Jun 12, 2026 |
| CVE-2025-7018 | MEDIUM | 5.5 | Null pointer dereference vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus engine process. This issue … | Jun 12, 2026 |
| CVE-2025-7017 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of … | Jun 12, 2026 |
| CVE-2025-7011 | HIGH | 7.8 | Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2025-7010 | MEDIUM | 5.5 | Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue … | Jun 12, 2026 |
| CVE-2025-7009 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2025-7008 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or … | Jun 12, 2026 |
| CVE-2025-7006 | MEDIUM | 5.5 | Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This … | Jun 12, 2026 |
| CVE-2025-7005 | MEDIUM | 5.5 | Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, … | Jun 12, 2026 |
| CVE-2025-7004 | HIGH | 7.8 | Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2025-7003 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2025-7002 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the … | Jun 12, 2026 |
| CVE-2020-2521 | UNKNOWN | — | Rejected reason: This candidate was issued in error. | Jun 12, 2026 |
| CVE-2026-54397 | UNKNOWN | — | A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an … | Jun 12, 2026 |
| CVE-2026-54396 | UNKNOWN | — | An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was … | Jun 12, 2026 |
| CVE-2026-54395 | UNKNOWN | — | MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML … | Jun 12, 2026 |
| CVE-2026-54394 | UNKNOWN | — | MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid … | Jun 12, 2026 |
| CVE-2026-54393 | UNKNOWN | — | A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), … | Jun 12, 2026 |
| CVE-2026-54362 | UNKNOWN | — | An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their … | Jun 12, 2026 |